WebAPI/Security/Wifi: Difference between revisions
Jump to navigation
Jump to search
Ptheriault (talk | contribs) (Created page with "==Web Bluetooth API== Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=674737 https://wiki.mozilla.org/WebAPI/WebBluetooth Brief purpose of API: The aim of WebBluetooth i...") |
No edit summary |
||
| Line 12: | Line 12: | ||
== Regular web content (unauthenticated) == | == Regular web content (unauthenticated) == | ||
Use cases: None | *Use cases: None | ||
Authorization model for normal content: None | *Authorization model for normal content: None | ||
Authorization model for installed content: None | *Authorization model for installed content: None | ||
Potential mitigations: | *Potential mitigations: | ||
== Trusted (authenticated by publisher) == | == Trusted (authenticated by publisher) == | ||
Use | *Use cases: None | ||
Authorization model: None | *Authorization model: None | ||
Potential mitigations: | *Potential mitigations: | ||
== Certified (vouched for by trusted 3rd party) == | == Certified (vouched for by trusted 3rd party) == | ||
Use cases: | *Use cases: | ||
Read bluetooth adapter state | *Read bluetooth adapter state | ||
Start/Stop device discovery | *Start/Stop device discovery | ||
List discovered devices | *List discovered devices | ||
Pair with device | *Pair with device | ||
Authorization model: Implicit | *Authorization model: Implicit | ||
Potential mitigations: Status indicator showing active bluetooth connection, user can click the status indicator to cancel the connection. Any limit on types of devices? | *Potential mitigations: Status indicator showing active bluetooth connection, user can click the status indicator to cancel the connection. Any limit on types of devices? | ||
Notes: Non-certified use cases are out of scope for 1.0. We will consider those for a subsequent release. | Notes: Non-certified use cases are out of scope for 1.0. We will consider those for a subsequent release. | ||
Revision as of 21:58, 30 July 2012
Web Bluetooth API
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=674737 https://wiki.mozilla.org/WebAPI/WebBluetooth
Brief purpose of API: The aim of WebBluetooth is to establish a DOM API to set up and communicate with Bluetooth devices. This includes setting properties on adapters and devices, scanning for devices, bonding, and socket initialization for audio and communication.
General Use Cases:
Inherent threats: Privacy, access to sensitive user devices, de-anonimization based on bluetooth state
Threat severity: high
Regular web content (unauthenticated)
- Use cases: None
- Authorization model for normal content: None
- Authorization model for installed content: None
- Potential mitigations:
Trusted (authenticated by publisher)
- Use cases: None
- Authorization model: None
- Potential mitigations:
Certified (vouched for by trusted 3rd party)
- Use cases:
- Read bluetooth adapter state
- Start/Stop device discovery
- List discovered devices
- Pair with device
- Authorization model: Implicit
- Potential mitigations: Status indicator showing active bluetooth connection, user can click the status indicator to cancel the connection. Any limit on types of devices?
Notes: Non-certified use cases are out of scope for 1.0. We will consider those for a subsequent release.